OLDSMAR, Fla. — Pinellas County detectives are investigating a computer software intrusion at Oldsmar's Water Treatment Plant.
The Pinellas County Sheriff's Office said on Friday, Feb. 5, deputies were notified by the City of Oldsmar that their computer system had been remotely accessed by an unknown person.
"Water systems like other public utilities systems are part of the nation’s critical infrastructure and can be vulnerable targets when someone desires to adversely affect public safety," said Sheriff Bob Gualtieri.
Detectives said the Oldsmar computer system at the water treatment plant allows for remote access by authorized users to troubleshoot any problems from other locations.
The initial intrusion at 8 a.m. was brief and did not have a cause for concern. However, at 1:30 p.m., a plant operator saw a second remote access user opening different functions in the system that controls the amount of sodium hydroxide in the water.
The sheriff's office said the operator noted the remote access user raised the levels of sodium hydroxide in the water from around 100ppm to 11,100ppm. The operator immediately reduced the levels to the appropriate amount.
"This is obviously a significant and potentially dangerous increase sodium hydroxide also known as lye is the main ingredient in drain cleaners. It’s also used to control water acidity and remove metals from drinking water," the sheriff said.
The initial investigation states the hacker remotely accessed the treatment plant's computer for about 3-5 minutes.
"At no time was there a significant effect on the water being treated, and more importantly the public was never in danger," said Sheriff Bob Gualtieri.
Senator Marco Rubio tweeted "I will be asking the @FBI to provide all assistance necessary in investigating an attempt to poison the water supply of a #Florida city. This should be treated as a matter of national security."
The sheriff's office said the FBI and Secret Service are assisting with the investigation.
"We don’t know right now whether the breach originated from within the United States or outside the country. We also do not know why the Oldsmar system was targeted and we have no knowledge of any other systems being unlawfully accessed," Gualtieri said.
However, the sheriff said they're asking other governments in the Tampa Bay area with critical infrastructure components to review their computer security protocols and make any necessary upgrades.
"I would say this isn’t something specific to a water treatment plant, it’s specific to a network, it’s specific to the remote capability for anyone in any industry to have confidential information and remote access to a system particularly breached," said Ian Marlow, the CEO of FitechGelb, a cybersecurity company.
The safety of the water coming out of his tap is the last thing on the minds of Bill Cordell and his Oldsmar neighbors.
“I was totally shocked to hear the news. A small town like Oldsmar. You wonder who would even - we’re not really on the map compared to most places. Nobody’s even heard of Oldsmar,” Cordell said.
In large amounts, sodium hydroxide can cause severe vomiting or even death, according to Florida Poison control leaders.
Luckily, an operator noticed the switch and corrected the chemical amounts before it impacted the drinking water. Oldsmar city leaders say back up alarms also would have caught the switch.
Cybersecurity experts say the hack should raise red flags nationwide.
“It’s incredibly significant it's the first time that there's been a successful hack that we documented in the United States that specifically targets a water company," Johnathan Monken said, adding that it’s likely a crime of opportunity, but it highlights vulnerabilities potentially putting us in danger.
"It may be less about targeting this particular system and this particular town or this particular state, and more about just the process of a burglar driving past houses and waiting to see one that doesn't have a security system sign in the front yard,” Monken added.
Detectives are tracking several leads but say it’s unclear if the hacker is from here in the US or from another country.
Oldsmar leaders tell ABC Action News they’ve disabled the remote program that the hacker was able to access and they’re making upgrades now to any prevent future attacks.
The investigation is ongoing.